Spam Volumes Drop by Two-Thirds After Firm Goes Offline

The volume of junk e-mail sent worldwide plummeted on Tuesday after a Web hosting firm identified by the computer security community as a major host of organizations engaged in spam activity was taken offline. (Note: A link to the full story on McColo's demise is available here.)

Experts say the precipitous drop-off in spam comes from Internet providers unplugging McColo Corp., a hosting provider in Northern California that was the home base for machines responsible for coordinating the sending of roughly 75 percent of all spam each day.

In an alert sent out Wednesday morning, e-mail security firm IronPort said:

In the afternoon of Tuesday 11/11, IronPort saw a drop of almost 2/3 of overall spam volume, correlating with a drop in IronPort's SenderBase queries. While we investigated what we thought might be a technical problem, a major spam network, McColo Corp., was shut down, as reported by The Washington Post on Tuesday evening.

Spamcop.net's graphic shows a similar decline, from about 40 spam e-mails per second to around ten per second -- if I'm reading that graphic correctly.

A number of other spam-fighters today reported a similar drop in junk e-mail volumes. I heard from a reader named Martin who works at a small hosting facility in Germany. He wrote in after noticing a lack of spam banging on his company's e-mail servers. He sent in this graphic and asked that we not use his full name or identify his employer.

Security Fix reader Ted wrote in to say his small Internet service provider also charted a massive collapse in spam volumes yesterday and into today. Ted, who also requested we use only his first name, writes:

Dear Mr. Krebs,

Thank you for your outstanding contribution to bringing down McColo Corp.

I can clearly see the impact you've had, by looking at the spam graph of the small ISP which hosts the web site [omitted] for me:

The daily 15 minute graph reports the rate of spam over a 29 hour period. Time is UTC. As I write, it is about 12:00 UTC, and detected spam is arriving at less than half the rate of the same time yesterday.

The world saw a similar -- if short-lived -- drop in spam volumes in September, following the demise of Intercage, a.k.a. "Atrivo," another Northern California-based ISP that security experts identified as a major source of badness online. In that case, it only took the spammers a few days to find a new home. It seems likely that the same will happen in this case as well, and that this minor victory will be short but sweet.

Nilesh Bhandari, product manager with IronPort, said the company sees an average of about 190 billion spam e-mails each day. Then, at around 4:30 p.m. ET yesterday, IronPort saw a huge decline in spam levels. For the 24-hour period ending Tuesday, the company tracked about 112 billion spam messages.

Bhandari said he expects the spam volume to recover to normal levels in about a week, as the spam operations that were previously hosted at McColo move to a new home.

"We're seeing a slow recovery," Bhandari. "We fully expect this to recover completely, and to go into the highest ever spam period during the upcoming holiday season."

That is fantastic news but can you help me with this huge problem? Splogging. I have 2-4 sploggers ripping my content off every day. Is that diminishing my page rank? Does Google look at my content as the originator or duplicate?

I understand the process of trying to shut them down but it is both very long and archaic. In addition I have been informed that my sploggers are generating ad dollars to Google and Google therefore has little incentive to remove or "deindex" them.

e.g., here, 2nd page of the story: "Multiple security researchers have recently published data naming McColo as the host for all of the top robot networks or "botnets," which are vast collections of hacked computers that are networked together to blast out spam or attack others online. These include SecureWorks, FireEye and ThreatExpert."

Click the links in that paragraph and you'll see some of the bigger examples: Mega-D, Srizbi, Pushdo/Cutwail, Rustock, et al.

I had meant to put up more supporting blog posts today, but got slammed with other stuff. Stay tuned.

And shortly thereafter, I received three phoney announcements that told me of my great good fortune in winning thousands of dollars or similar inducement to give my vitals on three successive days. These were done by amateurs, and probably from or controlled by a single source. My guess is that each letter constitutes attempted fraud; misrepresentation; conspiracy to steal my identity. These are serious crimes; and should be pursued promptly and diligently by the FBI.